At IOI Foundation, we take the security of our software products seriously. This document outlines our policy for reporting security vulnerabilities and our process for handling them.

We generally support the latest major release.

If you have discovered a security vulnerability in this project, please do not report it publicly.

Please email team@ioi.network with a description of the vulnerability. If possible, include:

• A clear description of the vulnerability.
• Steps to reproduce the issue.
• Affected component(s) and version(s).
• Any proposed fixes or mitigations.
• The potential impact of the vulnerability.

1. Acknowledgment: We will acknowledge your report within 48 hours.
2. Assessment: We will investigate the report to confirm the vulnerability and determine its severity.
3. Resolution: We will work on a fix and test it thoroughly.
4. Disclosure: Once the vulnerability is patched, we will release an update and may publish a security advisory. We will credit you for the discovery if you wish.

We are committed to working with you to resolve the issue promptly. We ask that you refrain from publicly disclosing the vulnerability until we have had a reasonable opportunity to address it.

Thank you for helping keep our project secure!